Fix entries using HiJackThis
- Launch HiJackThis
- Click the Do a system scan only button
- Put a check next to the entries listed below
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://87.25.173.66:8082/VatDec.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8F6F334-C344-42D1-A94C-2875F633810A}: NameServer = 85.255.112.200,85.255.112.182
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.200,85.255.112.182
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.200,85.255.112.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.200,85.255.112.182
- IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
- Click the Fix checked button and close HiJackThis
- Reboot HijackThis if necessary
Delete Domains
Right click on this link: DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.
Try to use Malwarebytes and SAS again.
Also,
This,
C:\Program Files\Trend Micro\aussie.exe\HijackThis.exe
Should be this,
C:\Program Files\Trend Micro\HijackThis\aussie.exe
This next step is purely optional; however, Viewpoint is considered foistware and is not needed on your computer:
'To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.'
Go to Start > Run and copy/paste or type: taskmgr
- Under the Processes tab find the following tasks or processes:
ViewpointService.exe
ViewMgr.exe
- Highlight and click "End Process".
- Exit Task Manager.
Click on Start > Run and type: services.msc
- Press "OK".
- Click the "Extended" tab.
- Scroll down the list and find the service called "Viewpoint Manager Service"
- When you find the service, double-click on it.
- In the Properties Window > General Tab that opens, click the "Stop" button.
- From the drop-down menu next to "Startup Type", click on "Disabled".
- Now click "Apply", then "OK" and close any open windows.
Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e.
Viewpoint, Viewpoint Manager, Viewpoint Media Player.
Finally, delete the following folders if they still exist:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder
I also recommend you uninstall ZoneAlarm Spy Blocker,
Recently, ZoneAlarm decided to include a "ZoneAlarm Spy Blocker toolbar" as well, which is optional during install.
However, this Toolbar now uses the AskJeeves/Ask.com search engine.
More info: here.
This Toolbar is not recommended. See here.
Source: SpywareInfo/minkiemoes
Post back a fresh log.
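For reviewing the fresh log, an added example that is not part of the original post: a Python script that parses HijackThis lines of the kinds listed above and reports O17 NameServer values outside an expected resolver list, plus O2 BHO entries whose file is missing. The expected resolver 192.168.1.1 and the last sample line are assumptions made for the example.

```python
import re

# First four lines are copied from the post above; the last line is constructed
# to show a NameServer value that matches the expected resolver.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://87.25.173.66:8082/VatDec.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8F6F334-C344-42D1-A94C-2875F633810A}: NameServer = 85.255.112.200,85.255.112.182
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.200,85.255.112.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

# O17: a DNS server set in the registry, per interface or per control set.
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\.+?): NameServer = (?P<servers>.+)$")
# O2: a Browser Helper Object whose registered file no longer exists.
O2_RE = re.compile(r"^O2 - BHO: .* - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - \(no file\)$")


def review(log_text, expected_dns):
    """Return (kind, identifier, details) tuples for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O17_RE.match(line)
        if m:
            # HijackThis separates multiple servers with commas or spaces.
            servers = [s for s in re.split(r"[,\s]+", m["servers"]) if s]
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                findings.append(("dns", m["key"], unexpected))
            continue
        m = O2_RE.match(line)
        if m:
            findings.append(("orphan_bho", m["clsid"], []))
    return findings


if __name__ == "__main__":
    # Assumption: the only legitimate resolver on this network is the router.
    for kind, ident, details in review(SAMPLE_LOG, {"192.168.1.1"}):
        print(kind, ident, ", ".join(details))
```

An O17 line that still shows an unexpected address after the fix and reboot means the setting was written back and the cleanup is not finished.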